1 /* $OpenBSD: l2tp_call.c,v 1.7 2011/01/20 23:12:33 jasper Exp $ */ 2 3 /*- 4 * Copyright (c) 2009 Internet Initiative Japan Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 /* $Id: l2tp_call.c,v 1.7 2011/01/20 23:12:33 jasper Exp $ */ 29 /**@file L2TP LNS call */ 30 #include <sys/types.h> 31 #include <sys/param.h> 32 #include <sys/socket.h> 33 #include <sys/time.h> 34 #include <stdlib.h> 35 #include <stddef.h> 36 #include <netinet/in.h> 37 #include <stdio.h> 38 #include <string.h> 39 #include <syslog.h> 40 #include <stdarg.h> 41 #include <unistd.h> 42 #include <event.h> 43 #include <net/if_dl.h> 44 45 #include "debugutil.h" 46 #include "bytebuf.h" 47 #include "hash.h" 48 #include "slist.h" 49 #include "l2tp.h" 50 #include "l2tp_subr.h" 51 52 #include "npppd.h" 53 #include "l2tp_local.h" 54 55 #ifdef L2TP_CALL_DEBUG 56 #define L2TP_CALL_DBG(m) l2tp_call_log m 57 #define L2TP_CALL_ASSERT(x) ASSERT(x) 58 #else 59 #define L2TP_CALL_DBG(m) 60 #define L2TP_CALL_ASSERT(x) 61 #endif 62 63 static void l2tp_call_log (l2tp_call *, int, const char *, ...) __printflike(3,4); 64 static void l2tp_call_disconnect (l2tp_call *, int, int, const char *, struct l2tp_avp *[], int); 65 static int l2tp_call_recv_ICRQ (l2tp_call *, u_char *, int); 66 static int l2tp_call_send_ICRP (l2tp_call *); 67 static int l2tp_call_recv_ICCN (l2tp_call *, u_char *, int, dialin_proxy_info *); 68 static int l2tp_recv_CDN (l2tp_call *, u_char *, int); 69 static int l2tp_call_send_CDN (l2tp_call *, int, int, const char *, struct l2tp_avp *[], int); 70 static int l2tp_call_send_ZLB (l2tp_call *); 71 static inline const char *l2tp_call_state_string (l2tp_call *); 72 static int l2tp_call_bind_ppp (l2tp_call *, dialin_proxy_info *); 73 static void l2tp_call_notify_down (l2tp_call *); 74 static int l2tp_call_send_data_packet (l2tp_call *, bytebuffer *); 75 76 static int l2tp_call_ppp_output (npppd_ppp *, unsigned char *, int, int); 77 static void l2tp_call_closed_by_ppp (npppd_ppp *); 78 79 /* create {@link ::_l2tp_call L2TP call} instance */ 80 l2tp_call * 81 l2tp_call_create(void) 82 { 83 l2tp_call *_this; 84 85 if ((_this = malloc(sizeof(l2tp_call))) == NULL) 86 return NULL; 87 88 return _this; 89 } 90 91 /* initialize {@link ::_l2tp_call L2TP call} instance */ 92 int 93 l2tp_call_init(l2tp_call *_this, l2tp_ctrl *ctrl) 94 { 95 memset(_this, 0, sizeof(l2tp_call)); 96 97 _this->ctrl = ctrl; 98 if (l2tpd_assign_call(ctrl->l2tpd, _this) != 0) 99 return -1; 100 101 _this->use_seq = ctrl->data_use_seq; 102 103 return 0; 104 } 105 106 /* free {@link ::_l2tp_call L2TP call} instance */ 107 void 108 l2tp_call_destroy(l2tp_call *_this, int from_l2tp_ctrl) 109 { 110 l2tpd_release_call(_this->ctrl->l2tpd, _this); 111 free(_this); 112 } 113 114 /* 115 * l2tp disconnect will occur when 116 * 1) disconnect request issued from nppdctl command 117 * 2) npppd is terminated 118 * in case 1) ppp_stop() is used to terminal. (PPP LCP TermReq) 119 * and in case 2) l2tp_call_disconnect() is used (L2TP CDN) 120 */ 121 /* administrative reason disconnection */ 122 void 123 l2tp_call_admin_disconnect(l2tp_call *_this) 124 { 125 l2tp_call_disconnect(_this, L2TP_CDN_RCODE_ADMINISTRATIVE_REASON, 0, 126 NULL, NULL, 0); 127 } 128 129 /* 130 * disconnect l2tp connection 131 * @param result_code disconect without CDN, specify zero 132 */ 133 static void 134 l2tp_call_disconnect(l2tp_call *_this, int result_code, int error_code, 135 const char *errmes, struct l2tp_avp *addavp[], int naddavp) 136 { 137 L2TP_CALL_ASSERT(_this != NULL); 138 139 if (_this->state == L2TP_CALL_STATE_CLEANUP_WAIT) { 140 /* CDN received, or have been sent */ 141 l2tp_call_notify_down(_this); /* just in case */ 142 return; 143 } 144 if (result_code > 0) { 145 if (l2tp_call_send_CDN(_this, result_code, error_code, errmes, 146 addavp, naddavp) 147 != 0) 148 l2tp_call_log(_this, LOG_ERR, "Error sending CDN: %m"); 149 } 150 _this->state = L2TP_CALL_STATE_CLEANUP_WAIT; 151 l2tp_call_notify_down(_this); 152 } 153 154 /* 155 * control packet 156 */ 157 158 /* call it when control packet is received */ 159 int 160 l2tp_call_recv_packet(l2tp_ctrl *ctrl, l2tp_call *_this, int mestype, 161 u_char *pkt, int pktlen) 162 { 163 int i, len, session_id, send_cdn; 164 l2tp_call *call; 165 dialin_proxy_info dpi; 166 167 /* when ICRQ, this will be NULL */ 168 L2TP_CALL_ASSERT(_this != NULL || 169 mestype == L2TP_AVP_MESSAGE_TYPE_ICRQ); 170 171 if (_this == NULL) { 172 if (mestype != L2TP_AVP_MESSAGE_TYPE_ICRQ) 173 return 1; 174 if ((_this = l2tp_call_create()) == NULL) { 175 l2tp_ctrl_log(ctrl, LOG_ERR, 176 "l2tp_call_create failed in %s(): %m", __func__); 177 return 1; 178 } 179 l2tp_call_init(_this, ctrl); 180 181 if (l2tp_call_recv_ICRQ(_this, pkt, pktlen) != 0) 182 return 1; 183 184 len = slist_length(&ctrl->call_list); 185 session_id = _this->id; 186 again: 187 /* assign a session ID */ 188 session_id &= 0xffff; 189 if (session_id == 0) 190 session_id = 1; 191 for (i = 0; i < len; i++) { 192 call = slist_get(&ctrl->call_list, i); 193 if (call->session_id == session_id) { 194 session_id++; 195 goto again; 196 } 197 } 198 _this->session_id = session_id; 199 200 /* add the l2tp_call to call list */ 201 slist_add(&_this->ctrl->call_list, _this); 202 203 if (l2tp_call_send_ICRP(_this) != 0) 204 return 1; 205 _this->state = L2TP_CALL_STATE_WAIT_CONN; 206 return 0; 207 } 208 209 /* state machine */ 210 send_cdn = 0; 211 switch (_this->state) { 212 default: 213 break; 214 case L2TP_CALL_STATE_WAIT_CONN: 215 switch (mestype) { 216 case L2TP_AVP_MESSAGE_TYPE_ICCN: 217 memset(&dpi, 0, sizeof(dpi)); 218 if (l2tp_call_recv_ICCN(_this, pkt, pktlen, &dpi) != 0) 219 return 1; 220 l2tp_call_bind_ppp(_this, &dpi); 221 l2tp_call_send_ZLB(_this); 222 _this->state = L2TP_CALL_STATE_ESTABLISHED; 223 _this->ctrl->ncalls++; 224 return 0; 225 case L2TP_AVP_MESSAGE_TYPE_ICRQ: 226 case L2TP_AVP_MESSAGE_TYPE_ICRP: 227 send_cdn = 1; 228 /* FALLTHROUGH */ 229 default: 230 l2tp_call_log(_this, LOG_ERR, 231 "Waiting ICCN. But received %s", 232 avp_mes_type_string(mestype)); 233 if (send_cdn) { 234 l2tp_call_disconnect(_this, 235 L2TP_CDN_RCODE_ERROR_CODE, 236 L2TP_ECODE_GENERIC_ERROR, "Illegal state.", 237 NULL, 0); 238 return 0; 239 } 240 } 241 break; 242 case L2TP_CALL_STATE_ESTABLISHED: 243 switch (mestype) { 244 case L2TP_AVP_MESSAGE_TYPE_CDN: 245 /* disconnect from peer. log it */ 246 l2tp_recv_CDN(_this, pkt, pktlen); 247 _this->state = L2TP_CALL_STATE_CLEANUP_WAIT; 248 l2tp_call_notify_down(_this); 249 l2tp_call_send_ZLB(_this); 250 return 0; 251 case L2TP_AVP_MESSAGE_TYPE_ICRQ: 252 case L2TP_AVP_MESSAGE_TYPE_ICRP: 253 case L2TP_AVP_MESSAGE_TYPE_ICCN: 254 send_cdn = 1; 255 break; 256 default: 257 break; 258 } 259 l2tp_call_log(_this, LOG_ERR, 260 "Call established. But received %s", 261 avp_mes_type_string(mestype)); 262 if (send_cdn) { 263 l2tp_call_disconnect(_this, 264 L2TP_CDN_RCODE_ERROR_CODE, 265 L2TP_ECODE_GENERIC_ERROR, "Illegal state.", 266 NULL, 0); 267 return 0; 268 } 269 l2tp_call_disconnect(_this, 0, 0, NULL, NULL, 0); 270 return 1; 271 } 272 l2tp_call_log(_this, LOG_INFO, "Received %s in unexpected state=%s", 273 avp_mes_type_string(mestype), l2tp_call_state_string(_this)); 274 l2tp_call_disconnect(_this, 0, 0, NULL, NULL, 0); 275 return 1; 276 } 277 /* 278 * receieve ICRQ 279 * @return return 0 if the ICRQ is acceptable. 280 * other values means fail to receive, and 281 * CDN was sent and status was updated. 282 */ 283 static int 284 l2tp_call_recv_ICRQ(l2tp_call *_this, u_char *pkt, int pktlen) 285 { 286 int avpsz, slen; 287 struct l2tp_avp *avp; 288 char buf[L2TP_AVP_MAXSIZ], emes[256]; 289 290 avp = (struct l2tp_avp *)buf; 291 while (pktlen >= 6 && (avpsz = avp_enum(avp, pkt, pktlen, 1)) > 0) { 292 pkt += avpsz; 293 pktlen -= avpsz; 294 if (avp->vendor_id != 0) { 295 L2TP_CALL_DBG((_this, LOG_DEBUG, 296 "Received a Vendor-specific AVP vendor-id=%d " 297 "type=%d", avp->vendor_id, avp->attr_type)); 298 continue; 299 } 300 if (avp->is_hidden != 0) { 301 l2tp_call_log(_this, LOG_WARNING, 302 "Received AVP (%s/%d) is hidden. But we don't " 303 "share secret.", 304 avp_attr_type_string(avp->attr_type), 305 avp->attr_type); 306 if (avp->is_mandatory != 0) { 307 l2tp_call_disconnect(_this, 308 L2TP_CDN_RCODE_ERROR_CODE, 309 L2TP_ECODE_UNKNOWN_MANDATORY_AVP, NULL, 310 NULL, 0); 311 return 1; 312 } 313 continue; 314 } 315 switch (avp->attr_type) { 316 case L2TP_AVP_TYPE_MESSAGE_TYPE: 317 AVP_SIZE_CHECK(avp, ==, 8); 318 continue; 319 case L2TP_AVP_TYPE_ASSIGNED_SESSION_ID: 320 AVP_SIZE_CHECK(avp, ==, 8); 321 _this->peer_session_id = avp_get_val16(avp); 322 continue; 323 case L2TP_AVP_TYPE_CALL_SERIAL_NUMBER: 324 case L2TP_AVP_TYPE_BEARER_TYPE: 325 case L2TP_AVP_TYPE_PHYSICAL_CHANNEL_ID: 326 /* 327 * Memo: 328 * Microsoft "L2TP/IPsec VPN Client" for 329 * Windows 98/Me/NT asserts mandatory bit in 330 * Physical Channel Id 331 */ 332 case L2TP_AVP_TYPE_CALLING_NUMBER: 333 slen = MIN(sizeof(_this->calling_number) - 1, 334 avp_attr_length(avp)); 335 memcpy(_this->calling_number, avp->attr_value, slen); 336 _this->calling_number[slen] = '\0'; 337 break; 338 case L2TP_AVP_TYPE_CALLED_NUMBER: 339 case L2TP_AVP_TYPE_SUB_ADDRESS: 340 continue; 341 default: 342 if (avp->is_mandatory) { 343 l2tp_call_log(_this, LOG_WARNING, 344 "AVP (%s/%d) is not supported, but it's " 345 "mandatory", 346 avp_attr_type_string(avp->attr_type), 347 avp->attr_type); 348 if (avp->is_mandatory != 0) { 349 l2tp_call_disconnect(_this, 350 L2TP_CDN_RCODE_ERROR_CODE, 351 L2TP_ECODE_UNKNOWN_MANDATORY_AVP, 352 NULL, NULL, 0); 353 return 1; 354 } 355 #ifdef L2TP_CALL_DEBUG 356 } else { 357 L2TP_CALL_DBG((_this, LOG_DEBUG, 358 "AVP (%s/%d) is not handled", 359 avp_attr_type_string(avp->attr_type), 360 avp->attr_type)); 361 #endif 362 } 363 } 364 } 365 if (_this->peer_session_id == 0) { 366 l2tp_call_log(_this, LOG_ERR, 367 "Received a bad ICRP: SessionId = 0"); 368 l2tp_call_disconnect(_this, L2TP_CDN_RCODE_ERROR_CODE, 369 L2TP_ECODE_INVALID_MESSAGE, "Session Id must not be 0", 370 NULL, 0); 371 return 1; 372 } 373 l2tp_call_log(_this, LOG_INFO, "RecvICRQ session_id=%u", 374 _this->peer_session_id); 375 376 return 0; 377 size_check_failed: 378 l2tp_call_log(_this, LOG_ERR, "Received bad ICRQ: %s", emes); 379 l2tp_call_disconnect(_this, L2TP_CDN_RCODE_ERROR_CODE, 380 L2TP_ECODE_WRONG_LENGTH, NULL, NULL, 0); 381 382 return 1; 383 } 384 385 /* send ICRP */ 386 static int 387 l2tp_call_send_ICRP(l2tp_call *_this) 388 { 389 int rval; 390 struct l2tp_avp *avp; 391 char buf[L2TP_AVP_MAXSIZ]; 392 bytebuffer *bytebuf; 393 394 bytebuf = l2tp_ctrl_prepare_snd_buffer(_this->ctrl, 1); 395 if (bytebuf == NULL) { 396 l2tp_call_log(_this, LOG_ERR, "sending ICRP failed: no buffer"); 397 return 1; 398 } 399 avp = (struct l2tp_avp *)buf; 400 401 /* Message Type = ICRP */ 402 memset(avp, 0, sizeof(*avp)); 403 avp->is_mandatory = 1; 404 avp->attr_type = L2TP_AVP_TYPE_MESSAGE_TYPE; 405 avp_set_val16(avp, L2TP_AVP_MESSAGE_TYPE_ICRP); 406 bytebuf_add_avp(bytebuf, avp, 2); 407 408 memset(avp, 0, sizeof(*avp)); 409 avp->is_mandatory = 1; 410 avp->attr_type = L2TP_AVP_TYPE_ASSIGNED_SESSION_ID; 411 avp_set_val16(avp, _this->session_id); 412 bytebuf_add_avp(bytebuf, avp, 2); 413 414 if ((rval = l2tp_ctrl_send_packet(_this->ctrl, _this->peer_session_id, 415 bytebuf, 1)) != 0) { 416 l2tp_call_log(_this, LOG_ERR, "failed to SendICRP: %m"); 417 return 1; 418 } 419 l2tp_call_log(_this, LOG_INFO, "SendICRP session_id=%u", 420 _this->session_id); 421 return 0; 422 } 423 424 /* send L2TP data message */ 425 static int 426 l2tp_call_send_data_packet(l2tp_call *_this, bytebuffer *buffer) 427 { 428 int rval; 429 struct l2tp_header *hdr; 430 431 bytebuffer_flip(buffer); 432 hdr = (struct l2tp_header *)bytebuffer_pointer(buffer); 433 memset(hdr, 0, sizeof(*hdr) - 4); /* Nr, NS are option */ 434 435 hdr->t = 0; 436 hdr->ver = L2TP_HEADER_VERSION_RFC2661; 437 hdr->l = 1; 438 hdr->length = htons(bytebuffer_remaining(buffer)); 439 hdr->tunnel_id = htons(_this->ctrl->peer_tunnel_id); 440 hdr->session_id = htons(_this->peer_session_id); 441 if (_this->use_seq) { 442 hdr->s = 1; 443 hdr->ns = htons(_this->snd_nxt++); 444 hdr->nr = htons(_this->rcv_nxt); 445 } 446 447 if (_this->ctrl->l2tpd->data_out_pktdump != 0) { 448 l2tpd_log(_this->ctrl->l2tpd, LOG_DEBUG, 449 "ctrl=%u call=%u L2TP Data output packet dump", 450 _this->ctrl->id, _this->id); 451 show_hd(debug_get_debugfp(), bytebuffer_pointer(buffer), 452 bytebuffer_remaining(buffer)); 453 } 454 if ((rval = l2tp_ctrl_send(_this->ctrl, bytebuffer_pointer(buffer), 455 bytebuffer_remaining(buffer))) < 0) { 456 L2TP_CALL_DBG((_this, LOG_DEBUG, "sendto() failed: %m")); 457 } 458 459 return (rval == bytebuffer_remaining(buffer))? 0 : 1; 460 } 461 462 /* 463 * receive ICCN 464 * @return return 0 if the ICCN is acceptable. 465 * other value means fail to receive, and 466 * CDN was sent and status was updated. 467 */ 468 static int 469 l2tp_call_recv_ICCN(l2tp_call *_this, u_char *pkt, int pktlen, 470 dialin_proxy_info *dpi) 471 { 472 int avpsz, tx_conn_speed; 473 uint32_t framing_type = 0; 474 struct l2tp_avp *avp; 475 char buf[L2TP_AVP_MAXSIZ], emes[256]; 476 477 tx_conn_speed = 0; 478 avp = (struct l2tp_avp *)buf; 479 while (pktlen >= 6 && (avpsz = avp_enum(avp, pkt, pktlen, 1)) > 0) { 480 pkt += avpsz; 481 pktlen -= avpsz; 482 if (avp->vendor_id != 0) { 483 L2TP_CALL_DBG((_this, LOG_DEBUG, 484 "Received a Vendor-specific AVP vendor-id=%d " 485 "type=%d", avp->vendor_id, avp->attr_type)); 486 continue; 487 } 488 if (avp->is_hidden != 0) { 489 l2tp_call_log(_this, LOG_WARNING, 490 "Received AVP (%s/%d) is hidden. But we don't " 491 "share secret.", 492 avp_attr_type_string(avp->attr_type), 493 avp->attr_type); 494 if (avp->is_mandatory != 0) { 495 l2tp_call_disconnect(_this, 496 L2TP_CDN_RCODE_ERROR_CODE, 497 L2TP_ECODE_UNKNOWN_MANDATORY_AVP, NULL, 498 NULL, 0); 499 return 1; 500 } 501 continue; 502 } 503 switch (avp->attr_type) { 504 case L2TP_AVP_TYPE_MESSAGE_TYPE: 505 AVP_SIZE_CHECK(avp, ==, 8); 506 continue; 507 case L2TP_AVP_TYPE_TX_CONNECT_SPEED: 508 AVP_SIZE_CHECK(avp, ==, 10); 509 tx_conn_speed = avp_get_val32(avp); 510 continue; 511 case L2TP_AVP_TYPE_FRAMING_TYPE: 512 AVP_SIZE_CHECK(avp, ==, 10); 513 framing_type = avp_get_val32(avp); 514 continue; 515 case L2TP_AVP_TYPE_SEQUENCING_REQUIRED: 516 _this->seq_required = 1; 517 _this->use_seq = 1; 518 continue; 519 #ifndef L2TPD_TEST 520 /* 521 * AVP's for Proxy-LCP and Proxy-Authen 522 */ 523 case L2TP_AVP_TYPE_LAST_SENT_LCP_CONFREQ: 524 memcpy(dpi->last_sent_lcp.data, avp->attr_value, 525 avp_attr_length(avp)); 526 dpi->last_sent_lcp.ldata = avp_attr_length(avp); 527 break; 528 case L2TP_AVP_TYPE_LAST_RECV_LCP_CONFREQ: 529 memcpy(dpi->last_recv_lcp.data, avp->attr_value, 530 avp_attr_length(avp)); 531 dpi->last_recv_lcp.ldata = avp_attr_length(avp); 532 break; 533 case L2TP_AVP_TYPE_PROXY_AUTHEN_CHALLENGE: 534 memcpy(dpi->auth_chall, avp->attr_value, 535 MIN(avp_attr_length(avp), sizeof(dpi->auth_chall))); 536 dpi->lauth_chall = avp_attr_length(avp); 537 break; 538 case L2TP_AVP_TYPE_PROXY_AUTHEN_ID: 539 dpi->auth_id = avp_get_val16(avp); 540 break; 541 case L2TP_AVP_TYPE_PROXY_AUTHEN_NAME: 542 memcpy(dpi->username, avp->attr_value, 543 MIN(sizeof(dpi->username) - 1, 544 avp_attr_length(avp))); 545 break; 546 case L2TP_AVP_TYPE_PROXY_AUTHEN_RESPONSE: 547 memcpy(dpi->auth_resp, avp->attr_value, 548 MIN(avp_attr_length(avp), sizeof(dpi->auth_resp))); 549 dpi->lauth_resp = avp_attr_length(avp); 550 break; 551 case L2TP_AVP_TYPE_PROXY_AUTHEN_TYPE: 552 switch (avp_get_val16(avp)) { 553 default: 554 l2tp_call_log(_this, LOG_WARNING, 555 "RecvICCN Unknown proxy-authen-type=%d", 556 avp_get_val16(avp)); 557 /* FALLTHROUGH */ 558 case L2TP_AUTH_TYPE_NO_AUTH: 559 dpi->auth_type = 0; 560 break; 561 case L2TP_AUTH_TYPE_PPP_CHAP: 562 dpi->auth_type = PPP_AUTH_CHAP_MD5; 563 break; 564 case L2TP_AUTH_TYPE_PPP_PAP: 565 dpi->auth_type = PPP_AUTH_PAP; 566 break; 567 case L2TP_AUTH_TYPE_MS_CHAP_V1: 568 dpi->auth_type = PPP_AUTH_CHAP_MS; 569 break; 570 } 571 break; 572 #endif 573 default: 574 if (avp->is_mandatory != 0) { 575 l2tp_call_log(_this, LOG_WARNING, 576 "AVP (%s/%d) is not supported, but it's " 577 "mandatory", 578 avp_attr_type_string(avp->attr_type), 579 avp->attr_type); 580 l2tp_call_disconnect(_this, 581 L2TP_CDN_RCODE_ERROR_CODE, 582 L2TP_ECODE_UNKNOWN_MANDATORY_AVP, NULL, 583 NULL, 0); 584 return 1; 585 #ifdef L2TP_CALL_DEBUG 586 } else { 587 L2TP_CALL_DBG((_this, LOG_DEBUG, 588 "AVP (%s/%d) is not handled", 589 avp_attr_type_string(avp->attr_type), 590 avp->attr_type)); 591 #endif 592 } 593 } 594 } 595 l2tp_call_log(_this, LOG_INFO, "RecvICCN " 596 "session_id=%u calling_number=%s tx_conn_speed=%u framing=%s", 597 _this->peer_session_id, _this->calling_number, tx_conn_speed, 598 ((framing_type & L2TP_FRAMING_CAP_FLAGS_ASYNC) != 0)? "async" : 599 ((framing_type & L2TP_FRAMING_CAP_FLAGS_SYNC) != 0)? "sync" : 600 "unknown"); 601 602 return 0; 603 size_check_failed: 604 l2tp_call_log(_this, LOG_ERR, "Received bad ICCN: %s", emes); 605 l2tp_call_disconnect(_this, L2TP_CDN_RCODE_ERROR_CODE, 606 L2TP_ECODE_WRONG_LENGTH, NULL, NULL, 0); 607 return 1; 608 } 609 610 /* receive CDN */ 611 static int 612 l2tp_recv_CDN(l2tp_call *_this, u_char *pkt, int pktlen) 613 { 614 int result, error, avpsz, len, sessid; 615 struct l2tp_avp *avp; 616 char buf[L2TP_AVP_MAXSIZ], emes[256], pmes[256]; 617 618 /* initialize */ 619 result = 0; 620 error = 0; 621 sessid = 0; 622 strlcpy(pmes, "(none)", sizeof(pmes)); 623 624 avp = (struct l2tp_avp *)buf; 625 while (pktlen >= 6 && (avpsz = avp_enum(avp, pkt, pktlen, 1)) > 0) { 626 pkt += avpsz; 627 pktlen -= avpsz; 628 if (avp->vendor_id != 0) { 629 L2TP_CALL_DBG((_this, LOG_DEBUG, 630 "Received a Vendor-specific AVP vendor-id=%d " 631 "type=%d", avp->vendor_id, avp->attr_type)); 632 continue; 633 } 634 if (avp->is_hidden != 0) { 635 l2tp_call_log(_this, LOG_WARNING, 636 "Received AVP (%s/%d) is hidden. But we don't " 637 "share secret.", 638 avp_attr_type_string(avp->attr_type), 639 avp->attr_type); 640 if (avp->is_mandatory != 0) { 641 l2tp_call_disconnect(_this, 642 L2TP_CDN_RCODE_ERROR_CODE, 643 L2TP_ECODE_UNKNOWN_MANDATORY_AVP, NULL, 644 NULL, 0); 645 return 1; 646 } 647 continue; 648 } 649 switch (avp->attr_type) { 650 case L2TP_AVP_TYPE_MESSAGE_TYPE: 651 AVP_SIZE_CHECK(avp, ==, 8); 652 continue; 653 case L2TP_AVP_TYPE_RESULT_CODE: 654 AVP_SIZE_CHECK(avp, >=, 8); 655 result = avp->attr_value[0] << 8 | avp->attr_value[1]; 656 if (avp->length >= 10) { 657 error = avp->attr_value[2] << 8 | 658 avp->attr_value[3]; 659 len = avp->length - 12; 660 if (len > 0) { 661 len = MIN(len, sizeof(pmes) - 1); 662 memcpy(pmes, &avp->attr_value[4], len); 663 pmes[len] = '\0'; 664 } 665 } 666 continue; 667 case L2TP_AVP_TYPE_ASSIGNED_SESSION_ID: 668 AVP_SIZE_CHECK(avp, >=, 8); 669 sessid = avp_get_val16(avp); 670 continue; 671 default: 672 if (avp->is_mandatory) { 673 l2tp_call_log(_this, LOG_WARNING, 674 "AVP (%s/%d) is not supported, but it's " 675 "mandatory", 676 avp_attr_type_string(avp->attr_type), 677 avp->attr_type); 678 if (avp->is_mandatory != 0) { 679 l2tp_call_disconnect(_this, 680 L2TP_CDN_RCODE_ERROR_CODE, 681 L2TP_ECODE_UNKNOWN_MANDATORY_AVP, 682 NULL, NULL, 0); 683 return 1; 684 } 685 #ifdef L2TP_CALL_DEBUG 686 } else { 687 L2TP_CALL_DBG((_this, LOG_DEBUG, 688 "AVP (%s/%d) is not handled", 689 avp_attr_type_string(avp->attr_type), 690 avp->attr_type)); 691 #endif 692 } 693 } 694 } 695 if (error == 0) { 696 l2tp_call_log(_this, LOG_INFO, 697 "RecvCDN result=%s/%d", l2tp_cdn_rcode_string(result), 698 result); 699 } else { 700 l2tp_call_log(_this, LOG_INFO, 701 "RecvCDN result=%s/%d error=%s/%d message=%s", 702 l2tp_cdn_rcode_string(result), result, 703 l2tp_ecode_string(error), error, pmes); 704 } 705 706 return 0; 707 708 size_check_failed: 709 /* continue to process even if the CDN message was broken */ 710 l2tp_call_log(_this, LOG_ERR, "Received bad CDN: %s", emes); 711 712 return 0; 713 } 714 715 /* send CDN */ 716 static int 717 l2tp_call_send_CDN(l2tp_call *_this, int result_code, int error_code, const 718 char *errmes, struct l2tp_avp *addavp[], int naddavp) 719 { 720 uint32_t val32; 721 int i, avplen, len; 722 struct l2tp_avp *avp; 723 char buf[L2TP_AVP_MAXSIZ]; 724 bytebuffer *bytebuf; 725 726 L2TP_CALL_ASSERT(_this != NULL); 727 bytebuf = l2tp_ctrl_prepare_snd_buffer(_this->ctrl, 1); 728 if (bytebuf == NULL) { 729 l2tp_call_log(_this, LOG_ERR, "sending CDN failed: no buffer"); 730 return 1; 731 } 732 avp = (struct l2tp_avp *)buf; 733 734 /* Message Type = CDN */ 735 memset(avp, 0, sizeof(*avp)); 736 avp->is_mandatory = 1; 737 avp->attr_type = L2TP_AVP_TYPE_MESSAGE_TYPE; 738 avp_set_val16(avp, L2TP_AVP_MESSAGE_TYPE_CDN); 739 bytebuf_add_avp(bytebuf, avp, 2); 740 741 /* Result Code */ 742 memset(avp, 0, sizeof(*avp)); 743 avp->is_mandatory = 1; 744 avp->attr_type = L2TP_AVP_TYPE_RESULT_CODE; 745 #if 0 746 /* 747 * Windows 2000 work around: 748 * Windows 2000 will return "2 - Length is wrong" in StopCCN, 749 * when it received "length = 8 and no error code AVP". 750 * Avoid the error, use AVP length = 10. 751 */ 752 if (error_code > 0) { 753 val32 = (result_code << 16) | (error_code & 0xffff); 754 avplen = 4; 755 avp_set_val32(avp, val32); 756 } else { 757 avplen = 2; 758 avp_set_val16(avp, result_code); 759 } 760 #else 761 val32 = (result_code << 16) | (error_code & 0xffff); 762 avplen = 4; 763 avp_set_val32(avp, val32); 764 #endif 765 766 if (errmes != NULL) { 767 len = MIN(strlen(errmes), L2TP_AVP_MAXSIZ - 128); 768 memcpy(&avp->attr_value[avplen], errmes, len); 769 avplen += len; 770 } 771 bytebuf_add_avp(bytebuf, avp, avplen); 772 773 /* Assigned Session Id */ 774 memset(avp, 0, sizeof(*avp)); 775 avp->is_mandatory = 1; 776 avp->attr_type = L2TP_AVP_TYPE_ASSIGNED_SESSION_ID; 777 if (_this != NULL && _this->session_id != 0) 778 avp_set_val16(avp, _this->session_id); 779 else 780 avp_set_val16(avp, 0); 781 bytebuf_add_avp(bytebuf, avp, 2); 782 783 for (i = 0; i < naddavp; i++) 784 bytebuf_add_avp(bytebuf, addavp[i], addavp[i]->length - 6); 785 786 if (l2tp_ctrl_send_packet(_this->ctrl, _this->peer_session_id, 787 bytebuf, 1) != 0) { 788 l2tp_call_log(_this, LOG_ERR, "Error sending CDN: %m"); 789 return 1; 790 } 791 792 if (error_code > 0) { 793 l2tp_call_log(_this, LOG_INFO, 794 "SendCDN result=%s/%d error=%s/%d messsage=%s", 795 l2tp_cdn_rcode_string(result_code), result_code, 796 l2tp_ecode_string(error_code), error_code, 797 (errmes == NULL)? "none" : errmes); 798 } else { 799 l2tp_call_log(_this, LOG_INFO, "SendCDN result=%s/%d", 800 l2tp_cdn_rcode_string(result_code), result_code); 801 } 802 803 return 0; 804 } 805 806 /* send ZLB */ 807 static int 808 l2tp_call_send_ZLB(l2tp_call *_this) 809 { 810 bytebuffer *bytebuf; 811 812 l2tp_call_log(_this, LOG_INFO, "SendZLB"); 813 bytebuf = l2tp_ctrl_prepare_snd_buffer(_this->ctrl, 1); 814 if (bytebuf == NULL) { 815 l2tp_call_log(_this, LOG_ERR, "sending ZLB failed: no buffer"); 816 return 1; 817 } 818 return l2tp_ctrl_send_packet(_this->ctrl, _this->peer_session_id, 819 bytebuf, 1); 820 } 821 822 /* 823 * misc 824 */ 825 /* logging with the label of the instance */ 826 static void 827 l2tp_call_log(l2tp_call *_this, int prio, const char *fmt, ...) 828 { 829 char logbuf[BUFSIZ]; 830 va_list ap; 831 832 va_start(ap, fmt); 833 #ifdef L2TPD_MULITPLE 834 snprintf(logbuf, sizeof(logbuf), "l2tpd id=%u ctrl=%u call=%u %s", 835 _this->ctrl->l2tpd->id, _this->ctrl->id, _this->id, fmt); 836 #else 837 snprintf(logbuf, sizeof(logbuf), "l2tpd ctrl=%u call=%u %s", 838 _this->ctrl->id, _this->id, fmt); 839 #endif 840 vlog_printf(prio, logbuf, ap); 841 va_end(ap); 842 } 843 844 /* convert current status to strings */ 845 static inline const char * 846 l2tp_call_state_string(l2tp_call *_this) 847 { 848 switch (_this->state) { 849 case L2TP_CALL_STATE_IDLE: return "idle"; 850 case L2TP_CALL_STATE_WAIT_CONN: return "wait-conn"; 851 case L2TP_CALL_STATE_ESTABLISHED: return "established"; 852 case L2TP_CALL_STATE_CLEANUP_WAIT: return "cleanup-wait"; 853 } 854 return "unknown"; 855 } 856 857 /* 858 * npppd physical layer 859 */ 860 861 /* input packet to ppp */ 862 void 863 l2tp_call_ppp_input(l2tp_call *_this, u_char *pkt, int pktlen) 864 { 865 int rval; 866 npppd_ppp *ppp; 867 868 ppp = _this->ppp; 869 rval = ppp->recv_packet(ppp, pkt, pktlen, 0); 870 871 if (_this->ppp == NULL) /* ppp is freed */ 872 return; 873 874 if (rval != 0) 875 ppp->ierrors++; 876 else { 877 ppp->ipackets++; 878 ppp->ibytes += pktlen; 879 } 880 } 881 882 /* called ppp output a packet */ 883 static int 884 l2tp_call_ppp_output(npppd_ppp *ppp, unsigned char *bytes, int nbytes, 885 int flags) 886 { 887 l2tp_call *_this; 888 bytebuffer *bytebuf; 889 890 _this = ppp->phy_context; 891 892 bytebuf = l2tp_ctrl_prepare_snd_buffer(_this->ctrl, _this->use_seq); 893 894 if (bytebuf != NULL) { 895 bytebuffer_put(bytebuf, bytes, nbytes); 896 if (l2tp_call_send_data_packet(_this, bytebuf) != 0) 897 ppp->oerrors++; 898 else { 899 ppp->opackets++; 900 ppp->obytes += nbytes; 901 } 902 } else 903 ppp->oerrors++; 904 905 return 0; 906 } 907 908 /* it will be called when the connection was closed at ppp */ 909 static void 910 l2tp_call_closed_by_ppp(npppd_ppp *ppp) 911 { 912 l2tp_call *_this; 913 914 L2TP_CALL_ASSERT(ppp != NULL); 915 L2TP_CALL_ASSERT(ppp->phy_context != NULL); 916 917 _this = ppp->phy_context; 918 919 /* do before l2tp_call_disconnect() */ 920 _this->ppp = NULL; 921 922 if (_this->state == L2TP_CALL_STATE_CLEANUP_WAIT) { 923 /* no need to call l2tp_call_disconnect */ 924 } else if (ppp->disconnect_code == PPP_DISCON_NO_INFORMATION) { 925 l2tp_call_disconnect(_this, 926 L2TP_CDN_RCODE_ADMINISTRATIVE_REASON, 0, NULL, NULL, 0); 927 } else { 928 /* 929 * RFC3145 L2TP Disconnect Cause Information 930 */ 931 struct l2tp_avp *avp[1]; 932 struct _ppp_cause { 933 struct l2tp_avp avp; 934 uint16_t code; 935 uint16_t proto; 936 uint8_t direction; 937 char message[128]; 938 } __attribute__((__packed__)) ppp_cause; 939 940 ppp_cause.avp.is_mandatory = 0; 941 ppp_cause.avp.is_hidden = 0; 942 ppp_cause.avp.vendor_id = 0; /* ietf */ 943 ppp_cause.avp.attr_type = 944 L2TP_AVP_TYPE_PPP_DISCONNECT_CAUSE_CODE; 945 ppp_cause.code = htons(ppp->disconnect_code); 946 ppp_cause.proto = htons(ppp->disconnect_proto); 947 ppp_cause.direction = ppp->disconnect_direction; 948 ppp_cause.avp.length = offsetof(struct _ppp_cause, message[0]); 949 950 if (ppp->disconnect_message != NULL) { 951 strlcpy(ppp_cause.message, ppp->disconnect_message, 952 sizeof(ppp_cause.message)); 953 ppp_cause.avp.length += strlen(ppp_cause.message); 954 } 955 avp[0] = &ppp_cause.avp; 956 l2tp_call_disconnect(_this, 957 L2TP_CDN_RCODE_ERROR_CODE, L2TP_ECODE_GENERIC_ERROR, 958 "Disconnected by local PPP", avp, 1); 959 } 960 l2tp_call_log(_this, LOG_NOTICE, "logtype=PPPUnbind"); 961 } 962 963 /* notify disconnection to ppp to terminate or free of ppp */ 964 static void 965 l2tp_call_notify_down(l2tp_call *_this) 966 { 967 if (_this->ppp != NULL) 968 ppp_phy_downed(_this->ppp); 969 } 970 971 /* bind ppp */ 972 static int 973 l2tp_call_bind_ppp(l2tp_call *_this, dialin_proxy_info *dpi) 974 { 975 int code, errcode; 976 npppd_ppp *ppp; 977 978 code = L2TP_CDN_RCODE_BUSY; 979 errcode = 0; 980 ppp = NULL; 981 if ((ppp = ppp_create()) == NULL) 982 goto fail; 983 984 ASSERT(_this->ppp == NULL); 985 986 if (_this->ppp != NULL) 987 return -1; 988 989 _this->ppp = ppp; 990 991 ppp->tunnel_type = PPP_TUNNEL_L2TP; 992 ppp->phy_context = _this; 993 ppp->send_packet = l2tp_call_ppp_output; 994 ppp->phy_close = l2tp_call_closed_by_ppp; 995 996 strlcpy(ppp->phy_label, _this->ctrl->phy_label, 997 sizeof(ppp->phy_label)); 998 memcpy(&ppp->phy_info.peer_in, &_this->ctrl->peer, 999 _this->ctrl->peer.ss_len); 1000 strlcpy(ppp->calling_number, _this->calling_number, 1001 sizeof(ppp->calling_number)); 1002 if (ppp_init(npppd_get_npppd(), ppp) != 0) { 1003 l2tp_call_log(_this, LOG_ERR, "failed binding ppp"); 1004 goto fail; 1005 } 1006 1007 l2tp_call_log(_this, LOG_NOTICE, "logtype=PPPBind ppp=%d", ppp->id); 1008 if (DIALIN_PROXY_IS_REQUESTED(dpi)) { 1009 if (!l2tp_ctrl_config_str_equal(_this->ctrl, 1010 "l2tp.accept_dialin", "true", 0)) { 1011 l2tp_call_log(_this, LOG_ERR, 1012 "'accept_dialin' is 'false' in the setting."); 1013 code = L2TP_CDN_RCODE_ERROR_CODE; 1014 errcode = L2TP_ECODE_INVALID_MESSAGE; 1015 goto fail; 1016 } 1017 1018 if (ppp_dialin_proxy_prepare(ppp, dpi) != 0) { 1019 code = L2TP_CDN_RCODE_TEMP_NOT_AVALIABLE; 1020 goto fail; 1021 } 1022 } 1023 ppp_start(ppp); 1024 1025 return 0; 1026 fail: 1027 if (ppp != NULL) 1028 ppp_destroy(ppp); 1029 _this->ppp = NULL; 1030 1031 l2tp_call_disconnect(_this, code, 0, NULL, NULL, 0); 1032 return 1; 1033 } 1034